Age verification helps to establish the age of your customers and users so that you can remain compliant. You can use it as a protection measure to restrict those who are underage, or not appropriately aged, from accessing your age-restricted products and services.
Algorithmic bias is when artificial intelligence (AI) algorithms create systemic and repeatable errors that result in unfair outcomes, such as against a group of people or giving privilege to a group of people. Inclusivity and accessibility are deeply rooted in Onfido’s culture and we have won awards for our machine learning technology and algorithmic bias mitigation.
Anti-money laundering (AML)
Anti-money laundering (AML) refers to laws, regulations and activities intended to prevent financial crime and money laundering. In other words, to stop criminals from disguising illegal funds as legitimate. The laws and regulations legally require all financial institutions to monitor customer transactions and report on suspicious activities.
AML fines occur when financial institutions fail to comply with AML requirements.
An API (Application Programming Interface) enables clients to submit verification checks programmatically. Onfido’s API is based on REST principles. It uses standard HTTP response codes and verbs, and token-based authentication. By default, our API checks have the following basic workflow: 1) An applicant is created, 2️) Documents and images are uploaded to the applicant object (if required), 3️) A check is constructed consisting of one or more reports.
Artificial Intelligence (AI)
Artificial intelligence (AI) is a branch of computer science. It uses computer systems to solve problems in a way that mimics human intelligence.
Companies use authentication as a way to re-prove or re-verify the identity of their customers or users. In other words, to build assurance that the person they’re doing business with is still the same person that they did business with on day one. There are several ways to authenticate customers. At Onfido, we verify your customers against a government-issued identity document and facial biometrics at onboarding, and use those same biometric signals to enable repeat access later in the customer journey.
Biometrics are a way of measuring a person’s unique physical characteristics to identify or verify them. This includes a fingerprint, voice, iris, facial geometry or hand geometry among others.
Biometric verification involves the use of a person’s biometrics to prove their identity. By combining a document check with biometric verification to score a similarity match, businesses can verify that the document truly belongs to the person making the transaction. This adds a layer of protection against stolen IDs and impersonation attacks. Onfido offers two types of biometric check: selfie and video.
Compliance is the practice of obeying a rule or law. For businesses, that means making sure that the company and its employees abide by the laws and regulations that apply to them. For example, a financial institution must make sure that it complies with AML and KYC regulations.
A cryptocurrency is a type of digital money. Transactions and records are secured by cartography and a decentralized system, which makes cryptocurrencies almost impossible to counterfeit and theoretically immune to government involvement.
Customer Due Diligence
Customer due diligence (CDD) is a series of checks to help you verify your customers’ identities and assess their risk profiles.
CDD is a regulatory requirement for companies entering into business relationships with a customer and is a big part of anti-money laundering (AML) and Know Your Customer (KYC) directives. Its purpose is to prevent financial crime and uncover any risks to your organization that could arise from doing business with certain customers.
Document verification involves using an official identity document to prove someone’s identity. Combined with Biometric verification, it’s a seamless way to anchor an account to the real identity of a customer.
A deepfake is a type of synthetic media. Creators use a form of artificial intelligence called deep learning to create fake images, audio or videos. Often, one person’s face is replaced by another.
A digital identity is a collection of information about a person that exists online, and that businesses can use to establish the identity of their customers.
Digital onboarding refers to the process of signing up a new customer, bringing a new customer or user onto your platform, or familiarising them with your product or service, in a digital environment.
eID, or electronic identification, is a digital form of identity proofing - a way for people to electronically prove that they are who they say they are.
eIDAS stands for electronic IDentification, Authentication and trust Services. It is a regulation in the EU effective since July 2014 that provides a common foundation for electronic transactions in order to enhance trust between citizens, private businesses and public authorities across borders.
Enhanced due diligence (EDD)
Enhanced due diligence (EDD) is a type of step-up KYC process that businesses may be required to complete on certain high-risk customers. It is most commonly mandated for financial services.
An eSignature of electronic signature is the generic term for any signature transmitted electronically on a document. A digital signature is a more secure and compliant eSignature with enhanced features. e-Signatures are as legally binding as written signatures.
False acceptance rate (FAR)
The false acceptance rate (FAR) is a way to measure the performance of identity verification systems by the percentage of unauthorized persons they incorrectly accept.
False rejection rate (FRR)
The false rejection rate (FRR) is a way to measure the performance of identity verification systems by the percentage of authorized persons they incorrectly reject.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a privacy and security law in the European Union that took effect in May 2018. It provides a legal framework for how businesses should collect and process personal information of people living in the EU.
Identity and Access Management (also Identity Management)
Identity and access management (IAM) includes technology, policies and processes that ensure the right people, devices or software have the right access to the right services. IAM systems help assign a digital identity to an entity to authenticate, give access and monitor that entity’s usage.
Identity proofing is a method of verifying that a person’s claimed identity matches their actual identity. This can be done with documents, biometrics, questions (knowledge-based) or database checks.
Identity fraud is the usage of stolen, counterfeit or forged identity data in order to gain unauthorized access systems or services. Identity fraud has risen 44% since 2019.
Identity verification is the process of making sure a person is who they claim to be, often with documents they submit.
Know your Customer (KYC)
KYC is a regulation in financial services and other similar businesses that requires verifying a customer’s identity and sometimes other due diligence processes. These measures are in place to protect both the customer, and the business from fraud and other criminal activity.
Know your business (KYB)
Know your business is a regulation mandating collection of data and information on an organization before engaging with them, in order to meet anti money laundering and other compliance regulations.
Knowledge-based authentication (KBA)
Knowledge-based authentication (KBA) is a way to verify that a person’s identity is who they claim to be, by requesting private information that theoretically only they should know. It bolsters a system’s security against fraud, cyberattacks and other online crime.
Liveness in identity verification is the detection of a real (live) person who is present at the moment of capture, by using biometric technology like video facial scans or motion detection. This can help ensure that it is not a spoof such as a mask or photo to mitigate fraud and cybercrimes.
Machine learning is a branch of computer science and one part of artificial intelligence (AI). It allows a machine to learn from data analysis and algorithms automatically, in ways that mimic humans and can solve complex problems.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is a way to verify that a user is authorized beyond asking for a username and password. The user is required to enter two or more other verification methods, such as a hardware key, fingerprint or one-time password.
NFC, or near-field communication, is a set of protocols to allow wireless short-range communication between electronic devices to exchange data like payments or keyless entries. One example is tapping a mobile phone or credit card chip near a payment reader device.
One-Time Passwords (OTP)
A one-time password is a string of randomly-generated characters sent only to an authorized user, to authenticate the user beyond their login credentials, for a single login attempt.
PEPs and sanctions screening
Politically exposed persons (PEPs) and sanctioned individuals are two classes of persons that regulated industries must identify when onboarding by conducting PEPs and sanctions checks.
Remote onboarding is the process of adding a new member to an organization by replacing face-to-face verification with digital verification. Remote onboarding of users of financial and other services has shifted from simply replacing the in-branch process to offering improvements in the experience, from speed to efficiency.
Sanctions Compliance and Screening
Sanctions compliance and screening are an essential part of KYC procedures. It’s how businesses meet regulations that prohibit them from transacting with any sanctioned individuals or entities.
Single Sign-on (SSO)
Single Sign-on is an authentication method that allows a user to access separate services by logging in once with one ID.
Two-factor Authentication (2FA)
Two-factor authentication is a way to verify that a user is authorized beyond asking for a username and password. The user is required to use one other verification method, such as a hardware key, fingerprint or one-time password..